CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-7759 | 2025-07-17 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part… |
| CVE-2025-7758 | 2025-07-17 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue… |
| CVE-2025-7757 | 2025-07-17 | HIGH | 7.3 | A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown… |
| CVE-2025-7756 | 2025-07-17 | MEDIUM | 4.3 | A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation… |
| CVE-2025-46732 | 2025-07-18 | MEDIUM | 5.4 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR… |
| CVE-2025-50240 | 2025-07-17 | CRITICAL | 9.8 | nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin. |
| CVE-2025-7786 | 2025-07-18 | LOW | 3.5 | A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some… |
| CVE-2025-7785 | 2025-07-18 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of… |
| CVE-2025-7784 | 2025-07-18 | MEDIUM | 6.5 | A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative… |
| CVE-2025-7767 | 2025-07-18 | LOW | 3.5 | A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this… |
| CVE-2025-7765 | 2025-07-17 | HIGH | 7.3 | A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an… |
| CVE-2025-7764 | 2025-07-17 | HIGH | 7.3 | A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function… |
| CVE-2025-7763 | 2025-07-17 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select… |
| CVE-2025-46001 | 2025-07-18 | N/A | 0.0 | An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading… |
| CVE-2024-13175 | 2025-07-18 | MEDIUM | 5.5 | Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0. |
| CVE-2025-6227 | 2025-07-18 | LOW | 2.2 | Mattermost versions 10.5.x |
| CVE-2025-6233 | 2025-07-18 | MEDIUM | 6.8 | Mattermost versions 10.8.x |
| CVE-2025-50126 | 2025-07-18 | N/A | 0.0 | A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject… |
| CVE-2025-50058 | 2025-07-18 | N/A | 0.0 | A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject… |
| CVE-2025-50057 | 2025-07-18 | N/A | 0.0 | A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to… |
| CVE-2025-50056 | 2025-07-18 | N/A | 0.0 | A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to… |
| CVE-2025-49486 | 2025-07-18 | N/A | 0.0 | A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in… |
| CVE-2025-49485 | 2025-07-18 | N/A | 0.0 | A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands… |
| CVE-2025-49484 | 2025-07-18 | N/A | 0.0 | A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL… |
| CVE-2025-2425 | 2025-07-18 | N/A | 0.0 | Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the… |
| CVE-2025-7444 | 2025-07-18 | CRITICAL | 9.8 | The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This… |
| CVE-2025-6226 | 2025-07-18 | MEDIUM | 6.5 | Mattermost versions 10.5.x |
| CVE-2025-6197 | 2025-07-18 | MEDIUM | 4.2 | An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must… |
| CVE-2025-6023 | 2025-07-18 | HIGH | 7.6 | An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability… |
| CVE-2025-38349 | 2025-07-18 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep… |
| CVE-2025-26855 | 2025-07-18 | N/A | 0.0 | A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands. |
| CVE-2025-26854 | 2025-07-18 | N/A | 0.0 | A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands. |
| CVE-2024-32124 | 2025-07-18 | MEDIUM | 4.3 | An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a… |
| CVE-2024-27779 | 2025-07-18 | MEDIUM | 6.7 | An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions,… |
| CVE-2025-7772 | 2025-07-18 | MEDIUM | 6.5 | The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read… |
| CVE-2025-7438 | 2025-07-18 | HIGH | 7.5 | The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in… |
| CVE-2025-7643 | 2025-07-18 | CRITICAL | 9.1 | The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the… |
| CVE-2025-6726 | 2025-07-18 | MEDIUM | 4.3 | The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability… |
| CVE-2025-6719 | 2025-07-18 | MEDIUM | 4.4 | The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,… |
| CVE-2025-6718 | 2025-07-18 | HIGH | 8.8 | The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX… |
| CVE-2025-6717 | 2025-07-18 | MEDIUM | 6.5 | The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and… |
| CVE-2025-6222 | 2025-07-18 | CRITICAL | 9.8 | The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable… |
| CVE-2025-5811 | 2025-07-18 | MEDIUM | 5.3 | The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability… |
| CVE-2025-5800 | 2025-07-18 | MEDIUM | 6.4 | The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions… |
| CVE-2025-5767 | 2025-07-18 | MEDIUM | 6.4 | The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions… |
| CVE-2025-5754 | 2025-07-18 | MEDIUM | 6.4 | The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’… |
| CVE-2025-5752 | 2025-07-18 | MEDIUM | 6.4 | The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in… |
| CVE-2025-29572 | 2025-07-18 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-7660 | 2025-07-18 | MEDIUM | 6.4 | The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all… |
| CVE-2025-7648 | 2025-07-18 | MEDIUM | 6.4 | The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all… |